• tls: revert anonymous certificate exchange · 9e053207
    Guillaume Roguez authored
    If an encrypted packet used during the encrypted
    handshake steps to initialize a secure channel with a peer
    is re-ordered due to the network, gnutls is not able to
    process the handshake correctly.
    This prevents any call from being established
    (the SIP channel goes over such a connection).
    
    This patch reverts the anonymous handshake to leave only
    the non-encrypted certificate exchange system.
    This is less anonymous as certificates are exchanged in
    plain-text format.
    
    The revert consists of adding an option to enable or disable the
    anonymous certificate exchange. This option is set to false
    (non-enabled) by default.
    
    Now, TLS 1.3 should resolve this situation.
    So it's not a definitive patch.
    
    Change-Id: I3214efae1b69e44967a67a628cc690d8e95c9e40
    Tuleap: #572
tls_session.h 7.35 KB